I’ve installed Node.js on my system and I’m attempting to run a command to install a package globally using npm install -g create-react. Yet, I encounter this warning message and additional alerts:
npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.
npm WARN deprecated [email protected]: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
changed 67 packages, and audited 68 packages in 4s
4 packages are looking for funding
run `npm fund` for details
2 high severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
What does this warning indicate, and how can I resolve it? Should I modify my npm settings, or is an update necessary?
You’re seeing two different problems here. First, the --global and --local deprecation warning - that’s just npm saying they prefer different syntax now. It won’t break anything, and your package installed fine (see the “changed 67 packages” part). The real issue is those security vulnerabilities and the outdated tar package. I’ve hit this before - updating npm itself usually clears up most warnings. Run npm install -g npm@latest first. For the security stuff, be careful with npm audit fix since it can break things. Check what npm audit actually reports before fixing anything, especially if this is production.
That deprecation warning just means npm changed their command syntax in newer versions. Your package installed fine - npm now wants you to use --location=global instead of -g for global installs. The -g flag still works though, so you don’t need to change it right away. The security vulnerabilities are way more important than the deprecation warning. Your tar package has known security issues. Run npm audit fix --force to try automatic fixes, but heads up - this might update packages to versions that break compatibility. Always test your app after running the fix to make sure everything still works.
hey! i had this issue too. it’s just npm updating how they like commands. your install should work tho. run npm audit fix for those vulnerabilities. oh, and don’t forget to update npm npm update -g npm!